Adopted Cloud, What’s next ?
Table of contents
No headings in the article.
Cloud & Beyond
For the past 3–4 years , every other organization is pushing themselves to adopt cloud offerings from various vendors and changing their Service delivery model to cloud based delivery model .
Its time for CIO’s to Consider various other related aspects.
- Cloud Outages — Cloud outages are here to stay
- Cloud Optimization — OPEX may Surpass CAPEX model of delivery
- Cloud Security, Privacy, Compliance & Monitoring
- Change in Mindset — New Infrastructure model but an old mindset is a disaster
- Governance Policies — No upfront governance policies and processes
- Tight coupling with Vendor Service offerings — Cloud Inter-operability and Portability
- Lack of Talent to Manage Cloud Services — Up skilling and staying relevant
Although the list may go up based on our experience, I would like to limit to the above ones at this point in time.
Cloud Outages :
Outages can be due to Natural(earthquake, flood, cyclone, hurricane etc.,) and Unnatural (DDoS Attacks, War etc.,) causes/disaster. The cost of impact can be tangible or intangible in nature. What is advocated here is reduce the reliance on one vendor to offer the critical services to your customers. For ex. The disaster recovery site can be with another vendor. Even in future the HA settings will be between two of the opted vendors this way the competitors will be forced to offer competitive pricing to their users.Make sure your provider has the right processes in place and that they will alert you if there is ever an issue. But care should be taken to sync/replicate the infrastructure and data also the related operating procedure.
Non-Functional requirements capture and the periodic watch against the agreements from Cloud vendors is the Key
Cloud Optimization :
Every organization should understand of a fact that Cloud optimization is not limited to managing cloud spend alone and it includes optimization for performance, visibility and costs to value. It is applicable to organizations which are recently migrated to cloud or operating there for while.
Whatever may be the type of cloud environment / cloud vendor the organization choose, the responsibility of managing IT still falls with the organization, not the cloud provider. Cloud optimization is not a one-time deployment that holds forever. It is a continuous improvement process, this demands organization to periodically monitor offerings from cloud vendors, newer technology models ( like serverless), tight cost control mechanisms and right tools to monitor and manage the spend across opted cloud vendors. The process can be an integral part of SDLC life cycle which includes DevSecOps where they can opt for right patterns, development models, automated deployment models’ to improve specific areas of an application in the cloud.
Managed services may not come to satisfy your wallet, that also needs periodic review and optimization.
Cloud management is the process that DevSecOps uses to track whether efforts put into the application work as expected against specific KPIs. FinOps — the financial management of cloud (Contextualized for cloud) is a highly effective way of changing the culture. To align the whole organization around the Total Cost of Ownership (TCO) of the cloud estate, it is necessary to enable teams to take responsibility of their cloud usage and cloud costs.
Cloud Security, Privacy, Compliance & Monitoring :
Security is a pressing concern in the world of cloud-based computing as it is hard to know where the data is stored or processed. Organizations have to understand about Cloud Security, Privacy and Compliance requirements and assess the service providers against these factors. Once the important data of your organization is transferred to a third party, you should make sure to have a cloud security and management system.
One of the risks of cloud computing facing today is compliance. Depending on the sector and requirements, every organization must ensure these standards are respected and carried out.
What I would like to suggest here is,
- The best way to do this is to start small by moving few workloads to the cloud and start evaluating the security, privacy and compliance related aspects
- It is better to seek legal advice before opting cloud vendor offerings than losing out on many benefits offered by cloud technologies
- Third party assurance reports can often help ensure confidence in cloud service provider
The reality is that public cloud service providers invest far more in their security than any individual organization.
Governance Policies :
As part of Cloud Strategy definition what is advocated is to defined the governance rules & policies. The very aim of Cloud governance is to enhance data security, manage risk, handle compliance obligations.
Cloud governance should specify how to manage the entire data lifecycle in the cloud.
- Cloud Operations management
- cloud Financial Management
- Cloud Security and Compliance management
Cloud governance takes responsibility for all the key topics of enterprise security and compliance. It determines what are the organization’s security and compliance requirements are, and ensures to enforce in the cloud environment of the Vendor whether it is offered as managed service or it is defined in the Vendor services with the help of Security and Compliance specialists.
Below factors plays a major role in cloud governance,
Collaboration is key -there should be clear agreements between owners and users of cloud infrastructure, and other stakeholders in the relevant organizational units, to ensure they make appropriate and mutually beneficial use of cloud resources with appropriate terms and conditions.
Change management practices -all changes to a cloud environment must be implemented in a consistent and standardized manner, subject to the appropriate controls and procedures agreed between involved parties.
Dynamic response and management-cloud governance should rely on monitoring and cloud automation to dynamically respond to events in the cloud environment with appropriate escalation and management controls.
Cloud Operations management involves defining processes for deployment and maintenance of services. These processes should include:
- A clear definition of resources allocated to the service over time
- Service-level agreements (SLAs) to define expected performance
- Ongoing monitoring to make sure SLAs and SLOs are met
- Process and required checks during the development and deployment with appropriate access control
- Strong cloud operations management is an excellent way to prevent shadow IT
Tight coupling with Vendor Service offerings :
One of the biggest problem observed by organizations across the globe which adopted cloud computing is, the vendor lock-in and difficulty in moving from one provider or platform to another. As an EA what I could hear from my customers is that once all systems have been moved to the cloud, the organization will be bound to the same vendor even if their prices increase.
I normally advise my customers to take these steps to avoid this problem.
1. Try implementing multi-cloud solution
2. Spread systems across several cloud platforms
3. Avoid implementing tightly coupled service offerings from vendor
4. Take guidance in setting up the cloud architecture to maximize portability and interoperability for Application, platform and Data portability
5. Use containerization kind of generic models for easy portability
6. Adopt standards driven service offerings for easy interoperability
7. Adopt different protocols and management styles for each component of your ecosystem rather than taking a one-size-fits-all approach
8. Read and understand about the terms and conditions of the service provider before opting their services
Lack of Talent to Manage Cloud Services :
One of the cloud challenges the organizations are facing today is lack of resources and/or expertise. Organizations are increasingly moving workloads to cloud and cloud technologies are rapidly advancing and it is becoming hard to keep-up with the tools and techniques and also the expertise to manage and sustain.
In a PwC CEO Survey, 77% of CEOs were worried about the availability of key skills
Organizations which are pushing hard to stay relevant should develop a cloud center of excellence to improve employees cloud skills. As the success of adoption and migration is driven by people , investments made on transformation programs are the key to success.
Change in Mindset :
Making the transition to the cloud is not just a technology or process change, but also a significant cultural change introduced by the decision makers within the organization. To make this transition a successful one, change in Mindset is the key.
Keeping old school of thoughts won’t help in reaping the real benefits of Cloud. Willingness to rethink the value proposition across the organization, considering where alignments in people, processes, Technology and culture are needed to deliver value more effectively and efficiently.
I read somewhere, Organizational culture is like the operating system of the organization and refers to the collective values, beliefs, attitudes, and behaviors that are active in an organization
Start with a mindset to learn, grow and iterate. Rethink the role of cloud technology and how it can be leveraged across the organization for strategic advantage, deliver business value and mission fulfillment.
Concluding Remarks :
Most of the organizations did not have a robust cloud adoption strategy in place when they started to move to cloud. Instead, what is observed is ad-hoc strategies sprouted, fueled by several components like Competitors, differentiation, customer demand, cost pressures etc.,. Without Proper Cloud Strategy defined for their organization, many have jumped into Cloud adoption.
Cloud Strategy Document — More of a running document — which needs periodic update and adoption
Care should be taken to,
1. Review current cloud strategy and update it periodically
2. plan carefully to adopt cloud (single/multi / Private/Hybrid/public)
3. Manage Appropriate technology currency
4. Do detailed assessment of Cloud vendor offerings (be it Security, Compliance, long-term support, Migration support, Monitoring and Management support etc.,)
5. Perform Continuous monitoring and improvement
Originally published at linkedin.com.